Abstract—Meter measurements in the power grid are susceptible to manipulation by adversaries, which can lead to errors in state estimation. This paper presents a general framework to study attacks on state estimation by adversaries capable of injecting bad-data into measurements and, further, of jamming their reception. Through these two techniques, a novel ‘detectable jamming’ attack is designed that changes the state estimate despite failing bad-data detection checks. Compared to commonly studied ‘hidden’ data attacks, these attacks have lower costs and a wider feasible operating region. It is shown that the entire domain of jamming costs can be divided into two regions, with distinct graph-cut based formulations for the design of the optimal attack. The most significant insight arising from this result is that the adversarial capability to jam measurements changes the optimal ‘detectable jamming’ attack design only if the jamming cost is less than half the cost of bad-data injection. A polynomial time approximate algorithm for attack vector construction is developed and its efficacy in attack design is demonstrated through simulations on IEEE test systems.

I. Introduction 

As power grids around the world move towards smarter devices and distributed control, it has led to large scale placement of cyber meters like PMUs [1] for real-time data collection. This can have a variety of positive implications for the grid, notably monitoring of the grid state for improved reliability and optimal electricity prices. However, ‘smart’ meters and associated communication infrastructure are vulnerable to adversarial attacks by rogue agents and online viruses. Examples of these attacks include the GPS spoofing attack on PMUs 0, the ‘Dragonfly’ virus ED and the Aurora test attack El, among others. Such data attacks can lead to incorrect estimation of the grid state and result in large scale blackouts. The extreme consequences of adversarial attacks and counter strategies have attracted significant interest from the research community. a first introduced the problem of undetectable data attacks that bypass the standard bad-data tests present in the state estimator. The optimal attack vector comprising the compromised measurements is constructed in a using projection matrices. Subsequent work has looked at the problem of constructing the optimal attack under different grid conditions and adversarial objectives. Attack constructions that require the minimum number of measurement corruptions are presented in 0 using $\ell_0$-$\ell_1$ relaxation. Reference 0 analyzed a system with phasor measurements and used mixed integer linear programming to create the optimal attack. For systems with phasor and line flow measurements and PMUs, m, m discuss graph cut based attack designs on specific buses of the grid and associated protection strategies. Similarly, other protection schemes have been discussed in the literature, including heuristic protection schemes m and greedy schemes 0, 0, among others.

It is worth noting that most research on power grid cyber-security has focussed on designing ‘hidden’ attack vectors that completely evade the bad-data detection tests at the grid’s state estimator. However, the authors of ED showed that data ‘framing’ attacks can be constructed that change the values in half of the measurements in the attack vector while damaging the other half. The attack is initially detected by the estimator but becomes feasible after the bad-data identifier removes the damaged measurements. In El, a generalized ‘detectable’ attack model was presented for systems where a subset of the measurements are incorruptible. The authors in E2 showed that by focussing on the bad-data identifier, the cardinality of the optimal ‘detectable’ data attack can in most cases be reduced by more than 50% (50% in the worst case) relative to that of ‘hidden’ attacks. More importantly, the ‘detectable’ attack framework in E2 is shown to produce feasible attacks in operating regimes that are secure against ‘hidden’ attacks. In this work, we consider the ‘detectable’ attack framework in El but with one major modification to the adversary’s capability. In addition to modifying insecure measurements (bad-data injection) as described in previous work, the adversary considered here is capable of jamming or blocking measurement communication to the state estimator. Note that measurement jamming can be conducted using commercial jammers (for wireless communication), Denial of Service attacks ED, or by physically damaging the communication channel. Compared to bad-data injection, which requires measurements to be changed by precise real values, measurement jamming is in fact less resource-intensive. One can make the realistic assumption that the non-negative cost of jamming lies in the range between 0 and the cost of injecting bad-data into a measurement.

The overarching goal of this work is thus to study the impact of adding measurement jamming to the adversary’s arsenal on the design of the optimal ‘detectable’ data attacks. Here, we formulate the optimal attack vector design as a graph cut problem based on the necessary and sufficient conditions for feasibility. We show that the entire range of values for the measurement jamming cost can be divided into two intervals with different optimal attack formulations that lead to two distinct design strategies. Specifically, we prove that measurement jamming significantly alters the optimal ‘detectable’ attack design only if the jamming cost is less than half the cost of data-injection. In contrast, we show that for ‘hidden’ data attacks, measurement jamming leads to a single simple attack strategy independent of the jamming cost. We provide recursive min-cut based algorithms to design the optimal attack over the entire range of jamming cost values and show the cost improvement derived from measurement jamming through simulations on IEEE test cases m. By discussing the scope of measurement jamming as an adversarial strategy, our work thus provides a potent and realistic generalization of current data attack frameworks. Finally, we show that the number of incorruptible measurements needed to prevent ‘detectable’ attacks scales at least with the total number of measurements. This is much higher than for ‘hidden’ attacks, where the security needs scale with the number of buses in the system 0. Thus, in addition to significantly reducing the cost of data attacks, our attack framework also undermines measures of grid resilience based on ‘hidden’ attacks.

The rest of this paper is organized as follows. The next section presents a description of the system models used in state estimation, bad-data detection and identification. The novel adversarial attack model with jamming is introduced in Section III along with the conditions necessary for attack feasibility. Section IV analyzes how the cost of jamming affects the attack strategy and grid resilience and presents a graph theoretic formulation for the optimal attack design. Our algorithm to design an optimal attack vector is presented in Section V. Simulations of the proposed algorithm for the range of jamming and bad-data injection costs on IEEE bus systems and comparisons with existing work are shown in Section VI. Finally, concluding remarks and future directions of work are presented in Section VII.


II. State Estimation and Bad-Data Detection in Power Grids

We denote the power grid by a set $V$ of buses (nodes) connected by a set $E$ of transmission lines (directed edges). Figure 1 shows the graph representation of the IEEE 14 bus test system Di-

Measurement Model: We use the DC power flow model [16] for the grid here, where nodal voltage magnitudes and line resistances are ignored. It is given by:

$$z = Hx + e \qquad (1)$$

Fig. 2. State Estimator for a power system 03, ED


Here $z \in \mathbb{R}^m$ is the $m$-length vector of measurements. We consider two kinds of measurements in the grid: a) flow measurements on lines and b) voltage phasor measurements on buses, measured by conventional meters and phasor measurement units respectively. $x \in \mathbb{R}^n$ denotes the state vector of length $n = |V|$ that comprises the phase angles at the buses in the grid. $H$ is the measurement matrix and $e$ is a zero mean Gaussian measurement noise vector with known covariance $\Sigma$. Let the $k_1^{th}$ and $k_2^{th}$ entries in $z$ represent the power flow on line $(i,j)$ from node $i$ to $j$ and the voltage phasor at node $i$ respectively. Then, $z(k_1) = B_{ij}(x(i) - x(j))$ and $z(k_2) = x(i)$. Here $B_{ij}$ is the susceptance of line $(i,j)$. The corresponding rows in $H$ thus have the following structure:

$$H(k_1) = [0 \dots 0 \; B_{ij} \; 0 \dots 0 \; -B_{ij} \; 0 \dots 0] \qquad (2)$$

$$H(k_2) = [0 \dots 0 \; 1 \; 0 \dots 0] \qquad (3)$$

We assume $m > n$ and full column rank of $H$, without loss of generality. Further, without loss of generality, we introduce an $(n+1)^{th}$ reference bus with phase angle 0 in our system and represent it by augmenting 0 to the state vector $x$. Let $z$ include the phase angle measurement for some bus $i$. Note that the angle measured can be considered equivalent to a flow on a hypothetical line of unit conductance between bus $i$ and the reference bus (with phase 0). Thus, we can add an extra binary valued column $h_g$ corresponding to the reference bus in matrix $H$ to get $z = Hx = [H \mid h_g]\,x$, with $x$ the augmented state vector. Here $h_g(k) = -1$ if $z(k)$ measures a phase angle and 0 otherwise. Observe that after addition of the reference bus in the system, all measurements now correspond to flow measurements. Abusing notation, we use $x$ and $H$ to denote the augmented state vector and measurement matrix respectively from this point.

State Estimator: We consider a least-square state estimator in the grid as shown in Figure 2 [15], [16].

The state vector estimate $x^*$ for a given measurement vector $z$ is generated by minimizing the weighted measurement residual $J(x,z) = \|\Sigma^{-0.5}(z - Hx)\|_2$ over variable $x$. Following estimation, a threshold ($\lambda$) based bad-data detector determines the presence of erroneous measurements by the following test:

$$\|\Sigma^{-0.5}(z - Hx^*)\|_2 \begin{cases} \le \lambda & \text{accept } x^* \\ > \lambda & \text{detect bad-data} \end{cases} \qquad (4)$$

If the test detects bad-data, the measurements are sent for elimination of the bad-data as described below, following which the state estimate is recomputed.

Bad-data Removal: Note that the measurement residual vector $r$ for measurement $z$ and estimate $x^*$ is given by 02, m

$$r = z - Hx^* = \left[I - H(H^T \Sigma^{-1} H)^{-1} H^T \Sigma^{-1}\right] z \qquad (5)$$

with variance $R_r$. Assuming that each measurement is independently affected by natural bad data, the state estimator removes the least number of erroneous measurements such that the resulting residual satisfies the threshold condition in Eq. (4) while preserving full column rank in $H$. For a single removal, the optimal strategy is to remove the measurement with the largest normalized residual 02. However, for multiple bad-data entries, the optimal removal strategy is a non-convex problem 02, ED.

We assume in the remainder of this paper that the measurement data $z$, in the absence of any adversarial manipulation, is reasonably clean and capable of producing the correct state estimate $x^*$ by passing the bad-data detection test.

A. Attack Models

Let $a$ denote the injected adversarial attack vector that is added to the correct measurements in $z$ to generate the compromised measurement vector $z + a$. Traditional attack models have focussed on bypassing the bad-data detector by ensuring that the measurement residual in Eq. (4) remains unchanged following the injection of bad-data. Mathematically, this requires $a = Hc \neq 0$ for some $c \in \mathbb{R}^{n+1}$, as $\|\Sigma^{-0.5}(z - Hx^*)\|_2 = \|\Sigma^{-0.5}(z + a - H(x^* + c))\|_2$. Thus, a ‘Hidden’ Attack results that produces an erroneous state vector $x^* + c$ 0. Next we describe ‘detectable’ data attacks 02 that are the focus of this paper.
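As an added example (not code from the paper), the following Python implements the least-squares estimator and the Eq. (4) test on a constructed 3-bus DC model with $\Sigma = I$, applies the largest-normalized-residual removal step, and shows why an injection of the form $a = Hc$ leaves the residual unchanged; the grid, threshold and vectors are assumptions made for the example.

```python
"""Toy DC state estimator: the residual test of Eq. (4), the largest
normalized residual removal rule, and why a = Hc slips past the test.
Added example, not code from the paper: the 3-bus grid (reference bus
already folded in), unit susceptances, Sigma = I and lambda are constructed.
"""
from math import sqrt

def solve(A, b):
    """Gauss-Jordan elimination with partial pivoting for a small dense system."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(n):
            if r != col and M[r][col] != 0.0:
                f = M[r][col] / M[col][col]
                M[r] = [x - f * y for x, y in zip(M[r], M[col])]
    return [M[i][n] / M[i][i] for i in range(n)]

def transpose(A):
    return [list(col) for col in zip(*A)]

def matvec(A, v):
    return [sum(x * y for x, y in zip(row, v)) for row in A]

def matmul(A, B):
    Bt = transpose(B)
    return [[sum(x * y for x, y in zip(row, col)) for col in Bt] for row in A]

# Constructed grid: state x = [theta1, theta2, theta3]; rows follow Eq. (2)/(3):
# flow(1,2), flow(2,3), flow(1,3), phasor(1), phasor(2), phasor(3).
H = [
    [1.0, -1.0, 0.0],
    [0.0, 1.0, -1.0],
    [1.0, 0.0, -1.0],
    [1.0, 0.0, 0.0],
    [0.0, 1.0, 0.0],
    [0.0, 0.0, 1.0],
]
THRESHOLD = 0.5                     # lambda in Eq. (4), chosen for this example
X_TRUE = [0.10, 0.05, -0.02]
Z_CLEAN = matvec(H, X_TRUE)         # noise-free so the outcome is deterministic

def wls_estimate(H, z):
    """Least-squares estimate x* = (H^T H)^-1 H^T z (Sigma = I)."""
    Ht = transpose(H)
    return solve(matmul(Ht, H), matvec(Ht, z))

def residual(H, z):
    """Eq. (5): r = z - H x*."""
    return [zi - hi for zi, hi in zip(z, matvec(H, wls_estimate(H, z)))]

def bad_data_detected(H, z, threshold=THRESHOLD):
    """Eq. (4): flag bad data when ||z - H x*||_2 exceeds lambda."""
    return sqrt(sum(ri * ri for ri in residual(H, z))) > threshold

def largest_normalized_residual(H, z):
    """Index the identifier drops first: argmax |r_i| / sqrt(R_r(i,i)),
    with R_r = I - H (H^T H)^-1 H^T when Sigma = I."""
    Ht = transpose(H)
    G = matmul(Ht, H)
    n = len(G)
    # columns of G^-1; G is symmetric, so the column list is also G^-1 by rows
    Ginv = [solve(G, [1.0 if j == i else 0.0 for j in range(n)]) for i in range(n)]
    P = matmul(matmul(H, Ginv), Ht)  # hat matrix
    r = residual(H, z)
    scores = [abs(ri) / sqrt(1.0 - P[i][i]) for i, ri in enumerate(r)]
    return max(range(len(r)), key=lambda i: scores[i])

def drop_measurement(H, z, idx):
    """Bad-data removal: delete one row (rank stays n for this H)."""
    return ([row for i, row in enumerate(H) if i != idx],
            [v for i, v in enumerate(z) if i != idx])

def demo():
    # one corrupted meter: detected, identified, and clean after removal
    z_bad = [v + (1.0 if i == 2 else 0.0) for i, v in enumerate(Z_CLEAN)]
    bad_idx = largest_normalized_residual(H, z_bad)
    H2, z2 = drop_measurement(H, z_bad, bad_idx)
    # a = Hc ('hidden' attack): residual unchanged, estimate shifted by c
    c = [0.0, 0.3, 0.3]
    z_hidden = [v + d for v, d in zip(Z_CLEAN, matvec(H, c))]
    shift = [round(p - q, 6) for p, q in
             zip(wls_estimate(H, z_hidden), wls_estimate(H, Z_CLEAN))]
    return {
        "clean_detected": bad_data_detected(H, Z_CLEAN),
        "bad_detected": bad_data_detected(H, z_bad),
        "bad_index": bad_idx,
        "after_removal_detected": bad_data_detected(H2, z2),
        "hidden_detected": bad_data_detected(H, z_hidden),
        "hidden_shift": shift,
    }

if __name__ == "__main__":
    print(demo())
```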

‘Detectable’ Data Attack: From the bad-data removal scheme described earlier, it is clear that an attack vector $a \neq 0$ will change the state estimate if removal of some other $k < \|a\|_0$ measurements (distinct from the attack vector) satisfies the bad-data detection test. For a nonzero $Hc$, consider the adversarial strategy that excludes (or does not corrupt) less than 50% of the non-zero entries in $Hc$ from the attack vector $a$. Note that $a$ still gives a feasible ‘detectable’ attack as the non-zero terms in $(Hc - a)$ are identified as bad-data instead of the vector $a$. This happens as $\|a\|_0 > \|Hc - a\|_0$. In the next section, we formulate in detail the design of the optimal ‘detectable’ data attack and then use it to analyze the changes that arise due to the adversarial capability to jam measurements.

III. ‘Detectable’ Attack with Measurement Jamming

In a general setting, a few of the measurements in the grid may be incorruptible due to geographical isolation or encryption. We denote this set of measurements secure from adversarial corruption by $S$. Note that measurements in $S$ still suffer from normal bad-data arising from measurement noise. The remaining insecure measurements belong to the set $S^c$. The measurements included in the minimum cost ‘detectable’ attack are given by the non-zero terms in the optimal vector $d^*$ in the following optimization problem 02:

$$\min_{d \in \{0,1\}^m,\ c \in \mathbb{R}^{n+1}} \|d\|_0 \qquad \text{(P-1)}$$

$$\text{s.t. } a = Hc \neq 0,\quad c(n+1) = 0$$

$$d(i) = 0 \ \ \forall i \in S \ \text{(secure measurements)}$$

$$\|d\|_0 > \|a\|_0 / 2 \ \text{(for feasibility)} \qquad (6)$$

$$\mathrm{rank}(DH) = n,\quad \mathrm{diag}(D) = \mathbf{1} - (\mathbf{1} - d) * a_{spty} \qquad (7)$$

Here, $a * b$ refers to the element-wise multiplication between vectors $a$ and $b$, while $a_{spty}$ denotes the sparsity pattern of vector $a$. Condition (6) ensures that the estimator removes the measurement entries corresponding to non-zero terms in $(\mathbf{1} - d) * a$ as bad-data, instead of the data injected in $d * a$. $D$ is a diagonal matrix whose diagonal entries are 0 for removed data and 1 otherwise. $DH$ is the measurement matrix after bad-data removal. Condition (7) keeps it at full rank. The attack passes the bad-data detection test as it lies in the column space of $DH$. It is worth restating that as each row in the augmented $H$ corresponds to a flow measurement, $H$ is equivalent to a susceptance weighted incidence matrix of a graph $G_H$ with $n+1$ nodes and edges given by the rows in $H$. Due to this structure of $H$, it can be shown 0, 0, 02 that the optimal attack $a^* = Hc$ corresponds to a 0-1 binary valued nodal vector $c$.


Further, the optimal attack strategy for Problem P-1 doesn’t change if $H$ is replaced by the un-weighted incidence matrix $A_H$ of graph $G_H$ ($A_H(i,j) = 1$ if $H(i,j) > 0$, $-1$ if $H(i,j) < 0$), as for a binary valued $c$, $A_H c$ and $Hc$ have the same set of non-zero terms (identical sparsity pattern). Note that the non-zero values in $A_H c$ actually represent cut edges in graph $G_H$ between nodes marked 1 and 0. This leads to the following result (Theorem 2 in 02) for the optimal attack for Problem P-1.


Theorem 1 (02, Theorem 2). Let $C^*$ denote the minimum cardinality cut in $G_H$ with a minority of secure cut-edges ($|C^* \cap S| < |C^*|/2$). An optimal ‘detectable’ attack for Problem P-1 is given by any $\lfloor 1 + |C^*|/2 \rfloor$ cut-edges in $C^* \cap S^c$ (insecure cut edges).


We omit the proof here for space constraints. Observe that if $d$ is restricted to an all-1 vector, Problem P-1 reduces to the problem of determining the optimal ‘hidden’ attack. The optimal attack in that case is given by the minimum cardinality cut in $G_H$ that does not include any secure edge in $S$ 0, 0.

‘Detectable Jamming’ Attack: We now analyze an adversary with the capacity to jam insecure measurements in addition to manipulating their values by bad-data injection. Secure measurements are assumed to be Let $p_J$ and $p_I$ be the costs associated with jamming and bad-data injection into an insecure measurement in the grid respectively. We assume that $0 \le p_J \le p_I$, as jamming is less resource intensive than bad-data injection. This is a reasonable assumption as jamming can even be conducted by introducing garbage values through bad-data injection techniques. For ease of elucidation, we assume that the jamming and manipulation costs are uniform over all measurements in $S^c$, though all analysis follows immediately for variable costs as well. Consider a cut $C$ in graph $G_H$. Let $n_S$ and $n_{S^c}$ denote the number of secure and insecure edges in cut $C$ with $n_{S^c} > n_S$ as shown in Fig. 3. By Theorem 1, attack feasibility requires injection into $k_I$ ($k_I > |C|/2$) insecure edges at a cost of $p_I k_I$. Instead, consider a different strategy where the adversary jams $k_J$ insecure measurements. As jammed measurements are not received and are ignored by the control center, the cut-size effectively reduces to $|C| - k_J$. If the remaining $n_{S^c} - k_J$ insecure edges in the cut are greater in number than the $n_S$ secure edges, the adversary can still attack $k_I \ge \lfloor 1 + (|C| - k_J)/2 \rfloor$ measurements and generate a feasible attack. As depicted in Fig. 3, the cost of this new attack is $p_I k_I + p_J k_J$. We term it a ‘detectable jamming’ attack to distinguish it from the original ‘detectable’ attack that doesn’t incorporate jamming.

We formulate the design of the optimal ‘detectable jamming’ attack as follows:

$$\min_{d_J,\, d_I \in \{0,1\}^m} p_J \|d_J\|_0 + p_I \|d_I\|_0 \qquad \text{(P-2)}$$

$$\text{s.t. } a = A_H c,\quad c \in \{0,1\}^{n+1},\quad a \neq 0,\quad c(n+1) = 0$$

$$d_J + d_I \in \{0,1\}^m \qquad (8)$$

$$d_J(i) = d_I(i) = 0 \ \ \forall i \in S \qquad (9)$$

$$\|d_I\|_0 > (\|a\|_0 - \|d_J\|_0)/2 \ \text{(for feasibility)} \qquad (10)$$

$$\mathrm{rank}(DA_H) = n \ \text{ where } \ \mathrm{diag}(D) = \mathbf{1} - (\mathbf{1} - d_J - d_I) * a_{spty} \qquad (11)$$

The non-zero values in the optimal $d_J$ and $d_I$ give the measurements to jam and to inject bad-data into, respectively, in the optimal attack. Note that in Problem P-2 we replaced $H$ with the incidence matrix $A_H$ and made $c$ a 0-1 vector as discussed earlier. Here, condition (8) ensures that data injection and jamming cannot occur at the same measurement. The remaining conditions arise from the incorruptibility of secure measurements (9), feasibility of the ‘detectable’ attack (10) and full system observability after bad-data removal (11). From the discussion preceding Problem P-2 it is clear that the optimal ‘detectable jamming’ attack has a graph-cut based construction as stated below.


Lemma 1. Let $C$ denote a cut in $G_H$ with ($n_{S^c} > |C|/2$) insecure cut-edges. A feasible attack is given by jamming ($k_J \ge 0$) and injecting data into ($\lfloor 1 + (|C| - k_J)/2 \rfloor > 0$) of the $n_{S^c}$ insecure cut-edges at a cost of $p_J k_J + p_I \lfloor 1 + (|C| - k_J)/2 \rfloor$. The optimal ‘detectable jamming’ attack is given by minimizing the attack cost over variable $k_J$ (jammed edges) for all feasible cuts $C$.

It is noteworthy that if $k_J = 0$ in Lemma 1 we obtain the optimal ‘detectable’ attack (no jamming) as a feasible ‘detectable jamming’ attack. This leads to the following important properties.


Corollary 1.

• The space of system configurations with feasible ‘detectable jamming’ attacks is identical to that of ‘detectable’ attacks and is a superset of that of ‘hidden’ attacks.

• The cost of the optimal ‘detectable jamming’ attack is never greater than the cost of the optimal ‘detectable’ attack and never greater than $0.5 + 1/|C_h^*|$ times the cost of the optimal ‘hidden’ attack on a system, $|C_h^*|$ being the cardinality of the optimal ‘hidden’ attack.

The first property arises as the set of cuts with a majority of edges in $S^c$ (feasibility requirement of ‘detectable’ and ‘detectable jamming’ attacks) is a superset of the set of cuts with all edges in $S^c$ (feasibility requirement of ‘hidden’ attacks). The second property has two parts: the first part follows from the fact that the optimal ‘detectable’ attack is a feasible ‘detectable jamming’ attack and hence not of lower cost than the optimal; the second part follows from the fact that injecting bad-data into $\lfloor 1 + |C_h^*|/2 \rfloor$ measurements of the optimal ‘hidden’ attack constitutes a feasible ‘detectable’ attack. It needs to be mentioned that these bounds reflect comparisons in the worst case. The simulation results in Section VI demonstrate that the average impact of the ‘detectable jamming’ attack is much more substantial. In the next section, we discuss the effect of the jamming cost $p_J$ on the design of the optimal attack vector and its key properties.

IV. Effect of Jamming Cost on Attack Construction

[Figure 3: feasible cut $C$ with the cheaper cuts to its left ($p_J < p_I/2$) and right ($p_J \ge p_I/2$); legend: secure untouched, bad-data injected, jammed, insecure untouched]

Fig. 3. Effect of jamming cost $p_J$ and bad-data injection cost $p_I$ on the minimum cost attack $C^*$ derived from a feasible cut $C$ with $n_S$ secure and $n_{S^c}$ insecure measurements. Secure, insecure but untouched, jammed and bad-data injected measurements in the cut are represented by red, white, blue and green colors respectively. When $p_J < p_I/2$, the attack cost is reduced by replacing one bad-data injection with the jamming of two measurements, as shown in the cuts on the left of $C$. For $p_J \ge p_I/2$, the attack cost is reduced by replacing two jammed measurements by one measurement with bad-data injection while leaving the other untouched, as shown on the right side of cut $C$. Optimal cuts $C^*$ obtained from this replacement are given by Theorem 2.

As mentioned earlier, we consider the jamming cost $p_J$ to lie in the interval $[0, p_I]$ where $p_I$ is the bad-data injection cost. Consider a feasible cut $C$ with $n_{S^c}$ insecure edges and $n_S$ secure edges in the measurement graph $G_H$. Here $n_{S^c} > n_S$ as shown in Fig. 3. By Theorem 1, a feasible ‘detectable jamming’ attack comprises selecting ($k_J \ge 0$) and ($k_I = \lfloor 1 + (|C| - k_J)/2 \rfloor > 0$) insecure edges for jamming and bad-data injection respectively, at an overall cost of

$$p^C = p_J k_J + p_I \left\lfloor 1 + \frac{|C| - k_J}{2} \right\rfloor = \left(p_J - \frac{p_I}{2}\right) k_J + p_I \, \frac{|C| + 2 - (|C| - k_J) \bmod 2}{2} \qquad (12)$$


We divide the range of $p_J$ into two intervals: A ($p_J < p_I/2$) and B ($p_I/2 \le p_J \le p_I$). Note that in interval A, the cost $p^C$ is a decreasing function of $k_J$. Therefore, the minimum cost attack for feasible cut $C$ is obtained by jamming $n_{S^c} - n_S - 1$ (the maximum permissible number of) insecure edges. The remaining $n_S + 1$ insecure edges, greater in number than the secure edges by one, are injected with bad-data. The attack cost is given by

$$p^C = p_J (n_{S^c} - n_S - 1) + p_I (n_S + 1) = (p_I - p_J)\, n_S + p_J\, n_{S^c} + (p_I - p_J) \qquad (13)$$

Ignoring the constant $(p_I - p_J)$, this equals $C$’s cut-weight if secure and insecure edges are given weights of $(p_I - p_J)$ and $p_J$ respectively. Thus, if $p_J < p_I/2$, the optimal ‘detectable jamming’ cut corresponds to the feasible cut $C^*$ with lowest cut-weight in $G_H$, where secure and insecure edges have weights of $(p_I - p_J)$ and $p_J$ respectively. Next consider interval B ($p_I/2 \le p_J \le p_I$). In Eq. (12), if $k_J$ is reduced by 2, the $(|C| - k_J) \bmod 2$ term remains unchanged and the overall cost $p^C$ decreases. Hence the optimal attack for cut $C$ corresponds to either $k_J = 0$ or $k_J = 1$, otherwise the attack cost can be reduced further. Checking the contribution of the $(|C| - k_J) \bmod 2$ term manually, we note that the optimal attack for cut $C$ is given by ($k_J = 0$, $k_I = (1 + |C|)/2$) for odd $|C|$, and ($k_J = 1$, $k_I = |C|/2$) for even $|C|$. In either case, the optimal attack cost is an increasing function of the cut-size $|C|$, expressed below.

$$p^C = p_J (1 - |C| \bmod 2) + p_I \lfloor (1 + |C|)/2 \rfloor \qquad (14)$$

Thus, in interval B, the optimal ‘detectable jamming’ attack corresponds to the feasible cut $C^*$ with lowest cut-size in $G_H$. We summarize this discussion by presenting our main theorem for optimal ‘detectable jamming’ attack construction.

Theorem 2. The minimum cost ‘detectable jamming’ attack for measurement graph $G_H$ with jamming cost $p_J$ and bad-data injection cost $p_I$ is constructed as follows.

• $p_J < p_I/2$: Give weights of $p_I - p_J$ and $p_J$ to secure and insecure edges respectively in $G_H$ and find the minimum weight feasible cut $C^*$ with $n_S$ secure edges. Use $(n_S + 1)$ insecure measurements for bad-data injection and jam the rest.

• $p_J \ge p_I/2$: Find the minimum cardinality feasible cut $C^*$ in $G_H$. Use $\lfloor (1 + |C^*|)/2 \rfloor$ insecure measurements for bad-data injection and jam $(1 - |C^*| \bmod 2)$ measurement.


The comparison of attack costs in ‘detectable jamming’ attacks with that of standard ‘detectable’ attacks is given by the following.

Theorem 3. Let cut $C^*$ with $n_S^*$ secure and $n_{S^c}^*$ insecure edges correspond to the optimal ‘detectable’ attack (no jamming). The cost of the optimal ‘detectable jamming’ attack satisfies the following bounds.

• For $p_J < p_I/2$, the cost of the optimal ‘detectable jamming’ attack is less than that of the optimal ‘detectable’ attack by at least $(p_I - 2p_J)\lfloor (n_{S^c}^* - n_S^*)/2 \rfloor + p_J (1 - |C^*| \bmod 2)$.

• For $p_J \ge p_I/2$, the cost of the optimal ‘detectable jamming’ attack is less than that of the ‘detectable’ attack by $p_I - p_J$ (if $|C^*|$ is even), and equal otherwise.

Proof: For $p_J \ge p_I/2$, using Theorem 1 and Theorem 2 it follows that the optimal cuts for ‘detectable’ and ‘detectable jamming’ attacks are identical. The difference in costs follows immediately from the attack construction using the optimal cut $C^*$ in either case. For $p_J < p_I/2$, note that the minimum-cost ‘detectable jamming’ attack for feasible cut $C^*$ is given by injecting bad-data into $n_S^* + 1$ edges and jamming the other insecure edges. The difference in cost between the ‘detectable’ attack and the ‘detectable jamming’ attack for cut $C^*$ is thus:

$$\delta = p_I \left\lfloor 1 + \frac{n_S^* + n_{S^c}^*}{2} \right\rfloor - p_I (n_S^* + 1) - p_J (n_{S^c}^* - n_S^* - 1) = (p_I - 2p_J) \left\lfloor \frac{n_{S^c}^* - n_S^*}{2} \right\rfloor + p_J (1 - |C^*| \bmod 2) \qquad (15)$$

As $C^*$ gives a feasible ‘detectable jamming’ attack (not necessarily optimal) in this case, Eq. (15) gives a lower bound on the difference in optimal costs.

Further, the following statements hold:

Corollary 2.

• For $p_J = 0$ (minimum jamming cost), the optimal ‘detectable jamming’ attack corresponds to the cut $C^*$ which has the minimum number of secure edges among all feasible cuts.

• For $p_J = 0$, if a ‘hidden’ attack exists, an optimal ‘detectable jamming’ attack corresponds to the same cut $C^*$.


Finally, the following theorem presents the potency of ‘detectable jamming’ attacks by a lower bound on the number of secure measurements required for complete security.

Theorem 4. A system is always vulnerable to ‘detectable jamming’ attacks if less than half the total number of measurements are secure.

Proof: Consider the graph $G_H$ generated from the measurement system. A feasible ‘detectable jamming’ attack requires a cut in $G_H$ with a majority of insecure edges. As less than half of the measurements in $G_H$ are secure, there is at least one bus connected with a majority of insecure edges. Thus, a feasible ‘detectable jamming’ attack can be constructed using that bus’s edges as the cut. Hence proved.

Note that Theorem 4 provides an $O(|E|)$ lower bound on the minimum number of secure measurements required for complete security, which scales with the total number of measurements. In contrast, complete protection from ‘hidden’ attacks requires a maximum of $|V| - 1$ secure measurements 0, 0, which is much smaller in general graphs. In Section VI we show simulations that confirm that ‘detectable jamming’ attacks are more resilient to the presence of secure measurements than ‘hidden’ attacks. In the next Section, we present our algorithm to construct the optimal attack described in Theorem 2 and Corollary 2.
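As an added example (not code from the paper), the following Python turns Theorem 4 and the per-cut cost of Eq. (12) into a resilience audit: it lists the buses whose incident cut has a majority of insecure edges (and those whose cut has no secure edge, the ‘hidden’ case), and checks a brute-force minimisation of Eq. (12) over $k_J$ against the closed forms of Theorem 2 in both cost intervals; the grid, secure set and cost values are constructed for the example, and the rank conditions (7)/(11) are not checked.

```python
"""Resilience audit built from the paper's cut conditions.
Added example, not code from the paper: the grid, its secure set and the
costs are constructed here. Rank conditions (7)/(11) are not checked.
"""
from collections import defaultdict
from math import floor

def bus_cuts(edges):
    """Cut around each bus: the measurement edges (edge_id, u, v) incident to it.
    Phasor meters are edges to the reference bus, as in Section II."""
    cuts = defaultdict(set)
    for eid, u, v in edges:
        cuts[u].add(eid)
        cuts[v].add(eid)
    return cuts

def is_feasible_cut(cut, secure):
    """'Detectable' feasibility: strictly more insecure than secure edges."""
    return 2 * len(cut & secure) < len(cut)

def is_hidden_feasible_cut(cut, secure):
    """'Hidden' feasibility: the cut contains no secure edge at all."""
    return not (cut & secure)

def vulnerable_buses(edges, secure, reference=0):
    """Buses whose incident cut has a majority of insecure edges (Theorem 4)."""
    return sorted(b for b, cut in bus_cuts(edges).items()
                  if b != reference and is_feasible_cut(cut, secure))

def hidden_vulnerable_buses(edges, secure, reference=0):
    """Buses whose incident cut is entirely insecure ('hidden' attack cut)."""
    return sorted(b for b, cut in bus_cuts(edges).items()
                  if b != reference and is_hidden_feasible_cut(cut, secure))

def cut_cost(n_s, n_sc, k_j, p_i, p_j):
    """Eq. (12): jam k_j edges and inject into floor(1 + (|C| - k_j)/2)."""
    k_i = floor(1 + (n_s + n_sc - k_j) / 2)
    return p_j * k_j + p_i * k_i

def best_attack_on_cut(n_s, n_sc, p_i, p_j):
    """Minimum of Eq. (12) over permissible k_j: the insecure edges left after
    jamming (n_sc - k_j) must still outnumber the n_s secure ones.
    Returns (cost, k_j)."""
    return min((cut_cost(n_s, n_sc, k_j, p_i, p_j), k_j)
               for k_j in range(0, n_sc - n_s))

def theorem2_cost(n_s, n_sc, p_i, p_j):
    """Closed form of Theorem 2 for one feasible cut (Eq. (13) / Eq. (14))."""
    size = n_s + n_sc
    if p_j < p_i / 2:                       # interval A: jam all but n_s + 1
        return p_j * (n_sc - n_s - 1) + p_i * (n_s + 1)
    return p_j * (1 - size % 2) + p_i * floor((1 + size) / 2)   # interval B

# Constructed grid: buses 1..4 plus reference bus 0; "f" = line flow meter,
# "v" = phase angle meter. 3 of 7 measurements secure: under half (Theorem 4).
EDGES = [("f12", 1, 2), ("f23", 2, 3), ("f34", 3, 4), ("f14", 1, 4),
         ("f13", 1, 3), ("v1", 1, 0), ("v3", 3, 0)]
SECURE = {"f12", "f14", "v1"}

def audit(p_i=1.0):
    return {
        "detectable_feasible_at": vulnerable_buses(EDGES, SECURE),
        "hidden_feasible_at": hidden_vulnerable_buses(EDGES, SECURE),
        # a 2-secure / 5-insecure cut, evaluated in interval A and interval B
        "interval_A": best_attack_on_cut(2, 5, p_i, 0.25 * p_i),
        "interval_B": best_attack_on_cut(2, 5, p_i, 0.75 * p_i),
    }

if __name__ == "__main__":
    print(audit())
```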


V. Algorithm For Attack Construction

To confirm the existence of a feasible attack, we need to identify a feasible cut with a majority of insecure edges in the graph. Theorem 3 in [12] proves that this is equivalent to the ‘ratio-cut’ problem, a known NP-hard problem. Thus, the design of the optimal ‘detectable jamming’ attack, in the worst case, is hard as well.

We now provide an approximate algorithm (Algorithm 1) for attack vector construction. For $p_J < p_I/2$ (interval A), we create the weighted graph $G_H$ with secure (insecure) edges having weight $p_I - p_J$ ($p_J$). For $p_J \ge p_I/2$ (interval B), we consider the unweighted $G_H$. Using Theorem 2, the optimal attack, in either case, is given by the minimum weight feasible cut in $G_H$.

Working: Algorithm 1 proceeds by computing the minimum weight cut $C$ in $G_H$ (Step 1) and checks if it is a feasible cut (Step 3). If $C$ is infeasible, one secure edge is selected randomly in $C$ and its edge-weight is increased by $\beta$ (Step 4). We consider two cases, one where $\beta$ is taken as the secure edge-weight and the other where it is taken as $\infty$. Following the increase, the algorithm recomputes the minimum weight cut and checks for feasibility. This process is iterated until a feasible cut is obtained (construct the attack vector) or the cut-weight reaches a threshold $\gamma < \infty$ (declare no solution).

Note that for $\beta = \infty$, in the worst case, there are $|S|$ min-cut computations (one for each secure edge) of complexity $O(|V||E| + |V|^2 \log |V|)$, giving the algorithm a computational complexity of $O(|S||V||E| + |S||V|^2 \log |V|)$. However, as the algorithm is approximate, it might not return a solution in every case. In the next section, we show simulation results on designing optimal attacks by Algorithm 1 in IEEE test systems. We also demonstrate the capacity of ‘detectable jamming’ attacks in overcoming high placement of secure measurements in the systems considered.


Algorithm 1 ‘Detectable Jamming’ Attack Construction
Input: Graph $G_H$ with secure and insecure edges weighted based on $p_J, p_I$, $S$, $S^c$, $\beta$, $\gamma$
1: Compute min-weight cut $C$ in $G_H$
2: $w_C \leftarrow$ weight of $C$
3: while ($w_C < \gamma$, $2|C \cap S| \ge |C|$) do
4: Randomly pick edge $i \in C \cap S$ and increase its weight by $\beta$
5: Compute min-weight cut $C$ in $G_H$
6: $w_C \leftarrow$ weight of $C$
7: end while
8: if $2|C \cap S| < |C|$ then
9: Construct attack vector using Theorem 2
10: else
11: Declare no solution
12: end if

VI. Results on IEEE test systems

We discuss the performance of Algorithm 1 in designing ‘detectable jamming’ attacks by simulations on the IEEE 14-bus and 57-bus test systems m. In each simulation run, we put flow measurements on all lines in the test system considered and phase angle measurements on 60% (randomly selected) of the system buses. Over multiple simulations, we vary the fraction of secure measurements and record the trends in the average cost of constructing the ‘detectable jamming’ attack. We consider either interval of jamming cost ($p_J = 0$, $p_J < p_I/2$ and $p_J > p_I/2$), and different values of the parameter $\beta$ (finite and $\infty$) in Algorithm 1. The trends in the average optimal cost of ‘detectable jamming’ attacks for the 14 bus system are presented in Fig. 4 (for configurations that allow feasible ‘hidden’ attacks) and Fig. 5 (for configurations that are resilient to ‘hidden’ attacks). To demonstrate the efficacy of our approach, we compare the trends with the average costs of constructing ‘hidden’ and ‘detectable’ (no jamming) attacks. Note that while the average attack cost is well below the upper bound (Corollary 1), in Fig. 4 it is observed to eventually decrease with increasing secure measurements in the system. This trend results from the fact that system configurations resilient to attacks, which grow in number with increasing secure measurements, are not accounted for in the plotted average attack costs. Further, it is apparent that changing the value of $\beta$ does not affect the performance of Algorithm 1 much. Similarly, Fig. 6 includes the average cost trends for the 57 bus system, with $\beta$ in Algorithm 1 taken equal to the weight of secure measurements. From the figures it is clear that jamming enabled attacks have significantly reduced costs over both ‘hidden’ and ‘detectable’ attacks. Finally, Fig. 7 plots the increase in the number of completely resilient operating regimes (no feasible attack possible) with an increase in the number of secure measurements in the system. It is easily evidenced in Fig. 7 that, compared to ‘hidden’ attacks, ‘detectable’ and ‘detectable jamming’ attacks pose a much greater threat to the grid, as the number of secure operating regimes in the latter hardly increases with an increase in the number of secure measurements. This is in line with the security needs highlighted in Theorem 4. The simulations prove the dual adversarial benefits created by ‘detectable jamming’ attacks: lowering of attack cost and increased insensitivity to the deployment of incorruptible measurements.
Fig. 4. Average cost of optimal attacks (‘hidden’, ‘detectable’ and ‘detectable 
jamming’) produced for different values of β (weight of a secure edge, and ∞) 
by Algorithm 1 on the IEEE 14 bus test system with flow measurements 
on all lines, phasor measurements on 60% of the buses and protection on a 
fraction of measurements selected randomly. The bad-data injection cost (p_i) 
is taken as 1. For the ‘detectable jamming’ attack, the jamming costs (p_j) 
considered are 0, 1/4 (< p_i/2) and 3/4 (> p_i/2). Only configurations where 
‘hidden’ attacks are possible are considered to determine the average costs. 


Fig. 5. Average cost of optimal attacks (‘detectable’ and ‘detectable 
jamming’) produced for different values of β (weight of a secure edge, and ∞) by 
Algorithm 1 on the IEEE 14 bus test system with flow measurements on all 
lines, phasor measurements on 60% of the buses and protection on a fraction 
of measurements selected randomly. The bad-data injection cost (p_i) is taken 
as 1. For the ‘detectable jamming’ attack, the jamming costs (p_j) considered 
are 0, 1/4 (< p_i/2) and 3/4 (> p_i/2). Only configurations which are resilient 
against ‘hidden’ attacks are considered to determine the average costs. 


[Fig. 6 plot: average attack cost (y-axis, roughly 1.4 to 2.2) versus fraction of secure measurements in the system (x-axis, 0.5 to 0.9). Legend: ‘detectable’ attack and ‘det. jam.’ attack with p_j = 0, p_j < p_i/2 and p_j > p_i/2, each plotted for configurations with a feasible ‘hidden’ attack and for configurations with no ‘hidden’ attack.]

Fig. 6. Average cost of optimal attacks (‘detectable’ and ‘detectable 
jamming’) produced by Algorithm 1 (with finite β) on the IEEE 57 bus test 
system with flow measurements on all lines, phasor measurements on 60% of 
the buses and protection on a fraction of measurements selected randomly. The 
bad-data injection cost (p_i) is taken as 1. For the ‘detectable jamming’ attack, 
the jamming costs (p_j) considered are 0, 1/4 (< p_i/2) and 3/4 (> p_i/2). 

Fig. 7. Average fraction of simulated configurations with no feasible ‘hidden’ 
and ‘detectable jamming’ attacks given by Algorithm 1 for different values 
of β in the IEEE 14 and 57 bus test systems. Each test system has flow 
measurements on all lines, phasor measurements on 60% of the buses and 
protection on a fraction of measurements selected randomly. 

VII. Conclusion 

We introduce a new data attack framework on power grids 
termed ‘detectable jamming’ attacks, in which an adversary uses 
measurement jamming as a tool in addition to changing meter 
readings (bad-data injection). By applying these two 
techniques to an optimally chosen set of measurements, the adversary 
triggers the bad-data detection test yet still produces 
a change in the estimated state vector. This is achieved by 
leading the state estimator to incorrectly label uncorrupted, 
correct data as bad data. We show that the design of the 
minimum-cost attack in this regime is equivalent 
to a constrained graph cut problem that takes two different 
forms, depending on the relative values of the jamming and data 
injection costs. We prove that even the worst-case attack cost 
of ‘detectable jamming’ attacks is approximately half of the 
optimal ‘hidden’ attack cost, while the capability to overcome 
incorruptible measurements is much more pronounced than 
in ‘hidden’ attacks. This is highlighted by the fact that 
the number of secure measurements required for complete 
resilience against ‘hidden’ attacks is of the order of the number 
of buses in the system, whereas complete resilience against 
‘detectable jamming’ attacks requires more than half of the measurements 
to be incorruptible and scales with the number of edges in 
the measurement graph. We further show that, in comparison 
to ‘detectable’ (no jamming) attacks, our jamming-reliant 
framework significantly alters the optimal attack (given by the 
optimal graph cut) only if the jamming cost is less than half the 
cost of bad-data injection. For values of jamming cost greater 
than half the injection cost, ‘detectable jamming’ attacks have 
a lower attack cost but correspond to the same optimal graph 
cut as ‘detectable’ attacks. As the design of the optimal 
attack is NP-hard in general, we present an iterative min-cut 
based approximate algorithm with polynomial complexity 
to determine the optimal cut. We demonstrate the adversarial 
benefits of our proposed attack framework and the performance 
of our approximate algorithm through simulations on IEEE 
test cases for different values of jamming costs and different 
system conditions. This paper exposes the adverse effects on 
grid security posed by measurement jamming when used as an 
adversarial tool to supplement bad-data injection. Designing 
optimal security measures against this attack regime is the 
object of our current research in this domain. 